Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-06-2024 00:01

General

  • Target

    808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe

  • Size

    92KB

  • MD5

    c53e86a0cc43377f5714997938682731

  • SHA1

    f7b487761860ec5e7f95c07da93c2a9b2f28fbf9

  • SHA256

    808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda

  • SHA512

    5d817b3836c0d135b89866f5ace5b0d0bb3d978bc191e45962895020504b537a81aaea8a2eea6b5151e67266a04906d36901ca4bd1b2f3dc1b6b5ca2a8dba796

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/0VXaqvx:6e7WpMaxeb0CYJ97lEYNR73e+eKZ0VXN

Score
9/10

Malware Config

Signatures

  • Renames multiple (3526) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one it touches.

  • Drops file in Program Files directory (64 IoCs)
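The first signature above is a behavioural one: a single process renaming thousands of files by appending an extension. The script below is an added example, not the sandbox's own signature logic, of how such a rule can be applied to rename telemetry (for instance Sysmon or EDR file-rename events reduced to PID, old path, new path). The event list is constructed; the paths, the benign PIDs and the appended ".tmp" suffix are assumptions for illustration, and PID 1684 is reused from the process tree only so the output reads like the report.

```python
"""Flag processes that rename many files by appending an extension.

Added example (not the sandbox's own signature logic). The event list is
constructed; paths, PIDs and the appended extension are hypothetical.
"""
import ntpath
from collections import Counter, defaultdict

# Constructed rename events as (pid, old_path, new_path). PID 1684 mirrors the
# report's process tree; the ".tmp" suffix is an assumption for illustration.
SAMPLE_EVENTS = (
    [(1684, rf"C:\Users\Admin\Documents\report{i}.docx",
            rf"C:\Users\Admin\Documents\report{i}.docx.tmp") for i in range(40)]
    + [(1684, rf"C:\Users\Admin\Pictures\img{i}.jpg",
              rf"C:\Users\Admin\Pictures\img{i}.jpg.tmp") for i in range(20)]
    # Benign: an editor keeping a couple of backups.
    + [(2200, r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"),
       (2200, r"C:\Users\Admin\todo.txt", r"C:\Users\Admin\todo.txt.bak")]
    # Benign: a rename that replaces the name rather than appending to it.
    + [(2300, r"C:\Users\Admin\draft.txt", r"C:\Users\Admin\final.txt")]
)


def appended_extension(old_path, new_path):
    """Return the appended extension (e.g. ".tmp") when new_path is exactly
    old_path plus one extra ".ext" component in the same directory; else None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if not old_name or old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]
    # Exactly one new component, non-empty after the dot.
    if ext.count(".") != 1 or len(ext) < 2:
        return None
    return ext


def find_mass_renamers(events, threshold=50):
    """Group appended-extension renames by PID and report those at or above
    threshold, with the extensions used and the distinct directories touched."""
    per_pid = defaultdict(lambda: {"count": 0, "extensions": Counter(), "dirs": set()})
    for pid, old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext is None:
            continue
        rec = per_pid[pid]
        rec["count"] += 1
        rec["extensions"][ext.lower()] += 1
        rec["dirs"].add(ntpath.dirname(old_path).lower())
    return {
        pid: {"count": r["count"], "extensions": dict(r["extensions"]),
              "directories": len(r["dirs"])}
        for pid, r in per_pid.items() if r["count"] >= threshold
    }


if __name__ == "__main__":
    for pid, info in find_mass_renamers(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {info['count']} appended-extension renames "
              f"{info['extensions']} across {info['directories']} directories")
```

The threshold and the "same directory, one appended component" test are what keep editor backups and ordinary renames out of the hit list; in production the count would also be windowed in time, and the directory spread is a useful second signal, since a backup tool touching one folder looks very different from a process walking the whole profile.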

Processes

  • C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe
    "C:\Users\Admin\AppData\Local\Temp\808538fc842810d1502a81ea1f10bede35ebcb4929a60805747b9a4e59028fda.exe"
    PID: 1684
    • Drops file in Program Files directory

Network

MITRE ATT&CK Matrix

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

    Filesize

    93KB

    MD5

    d854ce585f8864090d06f3f4a9498970

    SHA1

    c37420d3170a84bc46f186ace8a02c92211ca6c8

    SHA256

    f494f5156b4927df80735060b5753436c5d28d28099ec4c9bcea68f8c991cfad

    SHA512

    35f4d525fd5e523ea838c03dd4a6e37819b6b12978c0a1a64b7a4d1ec891e450261f001f0d56045dce196f05ea188888f7316b5a085b06a5e0c944dcc5bd8e3e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    102KB

    MD5

    9f74404b0a5753fefb825a771fe26749

    SHA1

    8eeaa06aadc9f4adb1c299ff6cb48b5cff2d918d

    SHA256

    91d179b7ee503eab3703dcefd8f505b8887db3175cc043c8b0fc72f60b1c3e5a

    SHA512

    8c94cc81886d398c14fd45f2d1ae5a99396aa0cea829a061fdabcb00f70ed0addaa3d1be9e4e48a9a489efa1413fa19f073e7ed5101f2669bae022d666c3534f